Re: Limiting User Commands

To: debian-isp@lists.debian.org
Cc: debian-user@lists.debian.org
Subject: Re: Limiting User Commands
From: Thomas Mueller <news-exp-dec04@tmueller.com>
Date: Sat, 06 Nov 2004 11:49:50 +0100
Message-id: <[🔎] cmia8f$bp4$1@sea.gmane.org>
In-reply-to: <[🔎] 3f9fee510411051535a4ad332@mail.gmail.com>
References: <[🔎] 3f9fee5104110509315629b895@mail.gmail.com> <[🔎] 20041105231328.GB16508@aokiconsulting.com> <[🔎] 3f9fee510411051535a4ad332@mail.gmail.com>

On 06.11.2004 00:35 Stephen Le wrote:

Is there an easy way to limit the commands a certain group of users
can execute?

Indeed. A chroot would only apply to a user if they were logged into
the system. Let's say I wanted to prevent users executing the command
"bad_command". Well, if "bad_command" was not available to a user in
their chroot, they wouldn't be able to execute it. However, a user
might write a Perl script that contained the following line:

system("bad_command");

If they got Apache to execute the script, the "bad_command" would be
run. This is the reason why I'm trying to approach this problem from a
permissions standpoint.

RSBAC could solve that easily, I prefer the RC module. Default isneither Apache nor the user is allowed to execute anything. Give thecommands the user is allowed to execute a new RC type and give the userand Apache execute rights on that type.



Thomas

Reply to:

References:
- Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>
- Re: Limiting User Commands
  - From: Osamu Aoki <osamu@debian.org>
- Re: Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>

Prev by Date: Re: DoS on my OnlineStore (PHP)
Next by Date: Re: apache & log files
Previous by thread: Re: Limiting User Commands
Next by thread: Re: Limiting User Commands
Index(es):
- Date
- Thread